github-issue-writer

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses hardcoded absolute file paths to execute internal bash scripts (e.g., /Users/tomlord/workspace/personal-project/...). This is a best-practice violation that may cause the skill to fail on other systems and could potentially lead to the execution of unintended files if such paths exist and are writable by other users.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it is designed to read and process content from untrusted external sources, specifically the project's codebase and existing GitHub issues.
  • Ingestion points: Reads codebase files using grep and file globs, and retrieves issue content via gh issue view.
  • Boundary markers: The instructions do not specify any boundary markers or directives to ignore instructions embedded within the data being read.
  • Capability inventory: The skill has the ability to execute shell commands, create or edit GitHub issues, and run local scripts.
  • Sanitization: While the skill uses shell heredocs (<<'EOF') to prevent command injection during issue creation, it lacks sanitization to prevent the LLM from following instructions found in the processed code or issues.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 01:05 AM
Security Audit — agent-trust-hub — github-issue-writer